As foreshadowed last week, this month’s round of Microsoft patches focuses on critical vulnerabilities in Internet Explorer, .NET and Silverlight.
The IE patch covers eight vulnerabilities that reach all the way up to remote code execution from malicious web pages, and has to be applied to all supported versions from IE6 to IE9 …

Why?

Well, put simply, it's because.....

....it's bloody difficult to get it right all the time, every time.

Other OS's ship patches all the time. Feel pleased that these problems are found and patched, it would be far worse if they pretended it was all fine or indeed tried to make the software perfect before it shipped in which case Windows 1.0 would still be awaiting QA clearance.

Secure is possible.

Unlike other commentards here I think it is perfectly possible to write secure code. So I could agree with you in principle. However, if you are suggesting that MS is the only one that has insecure code, then you are simply mistaken.

Anyway, secure code is simply not written for consumers because the difficulty of making secure systems is exponentially linked to the complexity of the system. Then you have the features that users demands (or the developers try to push) that are inherently insecure. For instance, most applications on my computer that can access Internet, and thus be accessed by it, has no bloody need to do so, or the fact that e-mails allow more than plain text. So in a system that is meant to be used by idiots, is vastly complex and includes inherently insecure features you will have security holes. You can remove a lot of these holes before you release the code, but the cost to discover each hole is inverse proportional to the amount of holes left. So basically you can double to development time and cost and remove half of the bugs left.

But if you are willing to strip away a lot of features, reduce program cross-overs (one program for each task), spend ten times for the license and be happy with ten year old hardware, sure you can have something that is almost, but not entirely secure.